How You Can Conduct a Security Audit for Your IT Department

Most big enterprises now have an IT department, with IT assets such as computers, networks, and data. You conduct a security audit to find the potential security risks in your company. This article highlights the core areas a security audit should cover.

  • Scope of the Audit: At the start, create a master list of what needs to be protected. It should include tangible assets such as desktops, servers, files, web servers, printers, data, VoIP records, email and web pages, and may also include intangible assets the company decides to protect.
  • Security Boundary: Determine the physical and logical security boundaries for the audit. The physical boundary should enclose the assets that need to be secured.
  • Threat List: In addition to the asset list, you need to know what kinds of threat each asset faces. These may include:
    1. Computer or network passwords: Check whether login information is recorded, and whether those passwords are strong enough.
    2. Email: Check whether a spam and phishing filter is in place for email. It is a good idea to encrypt employees' email.
    3. Physical assets: Can computers or accessories be removed from the company premises?
    4. Backups: How are backups performed, where are they kept, and who performed them?
    5. Access to secret information: Who can access that information? Are controls in place? Can anyone outside the company access it?
  • Network Access: You need an access control list to determine who has access to which assets in the company. Your network access control should cover items such as encryption, digital signatures, ACLs, IP address verification, user names, and cookies for web pages.
  • Backups: If your systems are broken into or hacked, your company will suffer from information loss. It is therefore crucial to keep backups of your important assets, with emphasis on areas such as online and offline storage and scheduled backups.
  • Physical Intrusion: This is the last, but not least, security threat. Consider the threat of an outsider breaking into the business premises and stealing assets. You can use outside services to protect expensive phones and PDAs, so that a stolen phone cannot be used without security authorization.
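As an added example (not from the original article), the checklist areas above for passwords, access control, secret data and backups can be run mechanically over an asset inventory; the `Asset` fields, the password rule and the sample inventory are assumptions constructed for this script.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Asset:
    name: str
    kind: str                                  # "server", "desktop", "data", ...
    acl: set = field(default_factory=set)      # principals allowed access
    encrypted: bool = False                    # secret data encrypted at rest?
    backup_schedule: Optional[str] = None      # e.g. "daily"; None = no backups
    backup_offsite: bool = False               # an off-line/off-site copy exists?
    backup_operator: Optional[str] = None      # who performed the last backup

def password_is_strong(pw: str) -> bool:
    """Assumed rule for checklist item 1: 12+ chars and three of four classes."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(pw) >= 12 and sum(bool(re.search(c, pw)) for c in classes) >= 3

def audit(assets, login_records):
    """Return (asset-or-account, issue) findings for the checklist areas."""
    findings = []
    for acct, pw in login_records.items():                # item 1: passwords
        if not password_is_strong(pw):
            findings.append((acct, "weak password"))
    for a in assets:
        if a.acl & {"everyone", "*"}:                     # network access / ACLs
            findings.append((a.name, "ACL grants access to everyone"))
        if a.kind == "data" and not a.encrypted:          # item 5: secret data
            findings.append((a.name, "secret data stored unencrypted"))
        if a.backup_schedule is None:                     # item 4 / backups
            findings.append((a.name, "no scheduled backup"))
        else:
            if not a.backup_offsite:
                findings.append((a.name, "backups kept on-line only"))
            if not a.backup_operator:
                findings.append((a.name, "backup not attributable to an operator"))
    return findings

# Constructed sample inventory and login record (not real data)
SAMPLE_ASSETS = [
    Asset("fileserver", "server", {"staff"}, True, "daily", True, "ops"),
    Asset("payroll-db", "data", {"hr", "everyone"}, False, None),
    Asset("web-pages", "server", {"web-team"}, True, "weekly", False, None),
]
SAMPLE_LOGINS = {"admin": "Winter2024!xyz", "printer": "print"}

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_ASSETS, SAMPLE_LOGINS):
        print(f"{name}: {issue}")
```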